CVE-2014-3509

openssl: race condition in ssl_parse_serverhello_tlsext

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.

Condición de carrera en la función ssl_parse_serverhello_tlsext en t1_lib.c en OpenSSL 1.0.0 anterior a 1.0.0n y 1.0.1 anterior a 1.0.1i, cuando multihilos y la redención de la sesión están utilizados, permite a servidores SSL remotos causar una denegación de servicio (sobrescritura de memoria y caída de la aplicación del cliente) o posiblemente tener otro impacto no especificado mediante el envió de datos Elliptic Curve (EC) Supported Point Formats Extension.

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-08-06 CVE Published
2024-03-25 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (53)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1052.html	X_refsource_confirm
http://secunia.com/advisories/58962	Third Party Advisory
http://secunia.com/advisories/59700	Third Party Advisory
http://secunia.com/advisories/59710	Third Party Advisory
http://secunia.com/advisories/59756	Third Party Advisory
http://secunia.com/advisories/60022	Third Party Advisory
http://secunia.com/advisories/60221	Third Party Advisory
http://secunia.com/advisories/60493	Third Party Advisory
http://secunia.com/advisories/60684	Third Party Advisory
http://secunia.com/advisories/60803	Third Party Advisory
http://secunia.com/advisories/60917	Third Party Advisory
http://secunia.com/advisories/60921	Third Party Advisory
http://secunia.com/advisories/60938	Third Party Advisory
http://secunia.com/advisories/61017	Third Party Advisory
http://secunia.com/advisories/61100	Third Party Advisory
http://secunia.com/advisories/61139	Third Party Advisory
http://secunia.com/advisories/61184	Third Party Advisory
http://secunia.com/advisories/61775	Third Party Advisory
http://secunia.com/advisories/61959	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21682293	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683389	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21686997	X_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm	X_refsource_confirm
http://www.securityfocus.com/bid/69084	Vdb Entry
http://www.securitytracker.com/id/1030693	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95159	Vdb Entry
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380	X_refsource_confirm
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html	Mailing List
https://support.citrix.com/article/CTX216642	X_refsource_confirm
https://techzone.ergon.ch/CVE-2014-3511	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html	2023-11-07
http://marc.info/?l=bugtraq&m=142350350616251&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142495837901899&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142624590206005&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142660345230545&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=142791032306609&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290437727362&w=2	2023-11-07
http://marc.info/?l=bugtraq&m=143290522027658&w=2	2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0197.html	2023-11-07
http://security.gentoo.org/glsa/glsa-201412-39.xml	2023-11-07
http://www.debian.org/security/2014/dsa-2998	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1127498	2015-02-11
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc	2023-11-07
https://www.openssl.org/news/secadv_20140806.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3509	2015-02-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0 Search vendor "Openssl" for product "Openssl" and version "1.0.0"		beta5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0a Search vendor "Openssl" for product "Openssl" and version "1.0.0a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0b Search vendor "Openssl" for product "Openssl" and version "1.0.0b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0c Search vendor "Openssl" for product "Openssl" and version "1.0.0c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0d Search vendor "Openssl" for product "Openssl" and version "1.0.0d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0e Search vendor "Openssl" for product "Openssl" and version "1.0.0e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0f Search vendor "Openssl" for product "Openssl" and version "1.0.0f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0g Search vendor "Openssl" for product "Openssl" and version "1.0.0g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0h Search vendor "Openssl" for product "Openssl" and version "1.0.0h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0i Search vendor "Openssl" for product "Openssl" and version "1.0.0i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0j Search vendor "Openssl" for product "Openssl" and version "1.0.0j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0k Search vendor "Openssl" for product "Openssl" and version "1.0.0k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0l Search vendor "Openssl" for product "Openssl" and version "1.0.0l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.0m Search vendor "Openssl" for product "Openssl" and version "1.0.0m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected